
Decryptor Key For Petya Ransomware Released July 25th 2017


The great news is that Malwarebytes Labs (July 25th 2017) declared they now have a decryptor for old and some current versions of ransomware, including GOLDENEYE/PETYA (Petya/NotPetya). To get a key to unlock your computer if you have Goldeneye, Red Petya or Green Petya, click the link to Malwarebytes Labs. If you have been infected, click here for info about how to identify the particular version of Petya malware that you have picked up. Even for the uninitiated there are step-by-step instructions on how to use the decryptor.

An Ounce of Prevention Is Worth A Pound Of Cure

To avoid being a victim in the first place:

Run all Microsoft Updates and back up your computer regularly. You can set them to run while you are asleep. In Windows 10, go to Settings > Update & Security; you’ll see your update status there. In Windows 8.1, go to Settings > Change PC Settings > Update and recovery. In Windows 7, go to Control Panel > Windows Update. And turn on File History.

If you receive an email from someone you don’t know: DON’T OPEN IT. DON’T CLICK A LINK. DON’T DOWNLOAD AN ATTACHMENT.

Take care when using public WiFi. One of the most serious new threats (Inexsmar, 7/23/17) involves hackers targeting hotel WiFi. Distributed by a group called DarkHotel, it is a multi-stage trojan that covers its own tracks. Another step in the evolution of malware.

To read Sophos Anti-Virus’ free, complete rundown of what ransomware is and the best ways to protect yourself, click here.

DON’T pay! You’ll encourage more attacks, and the chances are lottery-slim that you’ll get your computer unlocked. Even if they do unlock it, that does not rule out the chance that you are still infected and being used as part of a botnet.

The current cyber threat, the GOLDENEYE/PETYA Wiper Virus (Petya/NotPetya), no longer contains the kill switch that WannaCry (also known as WannaCrypt) contained, but it uses the same exploit (Windows vulnerability), which may be stopped by running this patch. Whereas WannaCry was designed to exploit weaknesses in Windows 7 and previous versions (XP etc.), the current threat Goldeneye/Petya is an ongoing threat for all users. The criminals have not been caught, but the Ukrainian company that helped to foster the spread of the malware by running outdated and insecure software may face criminal charges. It is thought that the malware was disguised as a Windows Update.

Many claim it was made to destroy, not to make money, leading some to think it was an attack from one nation state on another. The target seems to be once again Ukraine, which has suffered 60% of the attacks (let’s see who attacked Ukraine before… hmm). Then there are all of the other casualties, which now include the Dutch FedEx and domestic (U.S.) FedEx. FedEx, which also suffered losses from WannaCry, will recover, but expects its losses to be significant. Other collateral damage was San Francisco’s radio and TV station KQED, which has been paralyzed by a ransomware attack for over a month that encrypted thousands of files. A bit like getting hit by fallout from a nuclear test?

Why haven’t the offenders been caught? There is now very sophisticated software that hides the bad guys. The good guys catch up, and the bad guys find a way around it. Malware can be downloaded to a computer and remain dormant for months until a host’s action triggers it. It can even affect the physical architecture of a computer. But let me be clear: Microsoft put out the patch in mid-March, almost a month before the WannaCry ransomware attack. So we must shoulder some of the blame for the current epidemic.

Graph of Ransomware attacks courtesy of Microsoft

The new Windows Creators Update, when and if you decide to get it, provides much improved built-in Windows Defender security and a more secure, feature-filled Microsoft Edge browser. In addition, instead of running updates that were cumulative and took a while to download and run, Microsoft will be sending more frequent and smaller updates that are easier for your PC to digest. One of the biggest features is called container-based isolation, which literally isolates malware within the browser and prevents it from taking control of any other system on your computer. This is a newer version of “sandboxing” technology, because some malware was found to wait out the sandbox isolation and then do its mischief. This fall, things will improve even more with the new “Redstone” update (the 2nd Creators Update) from Microsoft, which features Windows Defender Application Guard.

How to use all the newest features in The Creators Update to protect your computer

Let me be clear The Creators Update is not perfect yet, what update is?

Though the money to move to a newer OS like Windows 7 or Windows 10 (a free upgrade for most) is not an issue in the United States, the money to own a legitimate copy of the software is often not available in some countries, as a Ukrainian student at my work pointed out. Without the newer version or a legitimate copy of the software, getting timely updates may not be possible. This explains why WannaCry hit some countries harder than others. Pirated versions of Windows may be cheap, but WannaCry made many pay dearly. With the right software you can build a Windows operating system, but upgrading and applying patches is another issue altogether.

WannaCrypt (ransomware) is a worm that spreads by constantly scanning from infected computers until it finds one with the vulnerability (which they all had before this patch) and infecting it. It is the result of a release by the Shadow Brokers of hacking tools from the NSA that exploited vulnerabilities Microsoft was unaware of, which is why Microsoft pulled out all the stops to shut it down. Would it have been nice if the NSA had told Microsoft about these? Hmmmm… Yes, I think so. But then the backdoors might have been closed.

So why did big companies and hospitals get hacked? Because big organizations have scheduled updates so as not to interfere with day-to-day operations, once a week, sometimes less. Some don’t even have a networked option. In addition, these updates usually come in scheduled releases, not all at once, except for emergencies like the one we have now. Also, the bad guys target organizations that can’t afford not to pay. Some didn’t know they needed the patch, like movie editors who work on Avid ISIS or Nexis shares (info for the Avid patch here).

If you don’t, you could be visited by the Android version of ransomware, which encrypts texts, pictures and videos. If the ransom is not paid within a few days, the price increases. The name on the Android ransomware demand is Lycorisradiata. Lycoris radiata (the Chinese red spider or magic red lily) is a flower with extremely poisonous bulbs, used in Japan to surround rice paddies and houses to keep pests away. Wouldn’t it be nice if we could surround our phones and computers with something poisonous to keep out pests? The poisonous Lycorisradiata has now been joined by a new threat, GhostCtrl, which can record audio and video while gaining access to phone data in real time. Restricting permissions on devices seems to be part of the solution, but who wants to do that to their phone?

Finally don’t let this all make you crazy; back up, follow rules for safe browsing, run all Microsoft Updates and enjoy your computer and your life.


Thousands of users affected. Play the time-lapse map below, created from data gathered by MalwareTech…